org.apache.hadoop.security.authentication.client.AuthenticatedURL Java Examples
The following examples show how to use
org.apache.hadoop.security.authentication.client.AuthenticatedURL.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: URLConnectionFactory.java From big-c with Apache License 2.0 | 6 votes |
/** * Opens a url with read and connect timeouts * * @param url * URL to open * @param isSpnego * whether the url should be authenticated via SPNEGO * @return URLConnection * @throws IOException * @throws AuthenticationException */ public URLConnection openConnection(URL url, boolean isSpnego) throws IOException, AuthenticationException { if (isSpnego) { if (LOG.isDebugEnabled()) { LOG.debug("open AuthenticatedURL connection" + url); } UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab(); final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token(); return new AuthenticatedURL(new KerberosUgiAuthenticator(), connConfigurator).openConnection(url, authToken); } else { if (LOG.isDebugEnabled()) { LOG.debug("open URL connection"); } URLConnection connection = url.openConnection(); if (connection instanceof HttpURLConnection) { connConfigurator.configure((HttpURLConnection) connection); } return connection; } }
Example #2
Source File: TestHttpFSWithKerberos.java From big-c with Apache License 2.0 | 6 votes |
@Test @TestDir @TestJetty @TestHdfs public void testValidHttpFSAccess() throws Exception { createHttpFSServer(); KerberosTestUtils.doAsClient(new Callable<Void>() { @Override public Void call() throws Exception { URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); AuthenticatedURL aUrl = new AuthenticatedURL(); AuthenticatedURL.Token aToken = new AuthenticatedURL.Token(); HttpURLConnection conn = aUrl.openConnection(url, aToken); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); return null; } }); }
Example #3
Source File: PseudoWebHDFSConnection.java From Transwarp-Sample-Code with MIT License | 6 votes |
public static synchronized Token generateToken(String srvUrl, String princ, String passwd) { AuthenticatedURL.Token newToken = new AuthenticatedURL.Token(); Authenticator authenticator = new PseudoAuthenticator(princ); try { String spec = MessageFormat.format( "/webhdfs/v1/?op=GETHOMEDIRECTORY&user.name={0}", princ); HttpURLConnection conn = new AuthenticatedURL(authenticator) .openConnection(new URL(new URL(srvUrl), spec), newToken); conn.connect(); conn.disconnect(); } catch (Exception ex) { logger.error(ex.getMessage()); logger.error("[" + princ + ":" + passwd + "]@" + srvUrl, ex); } return newToken; }
Example #4
Source File: KerberosAuthenticator2.java From Transwarp-Sample-Code with MIT License | 6 votes |
/** * Performs SPNEGO authentication against the specified URL. * <p/> * If a token is given it does a NOP and returns the given token. * <p/> * If no token is given, it will perform the SPNEGO authentication sequence * using an HTTP <code>OPTIONS</code> request. * * @param url the URl to authenticate against. * @param token the authentication token being used for the user. * @throws IOException if an IO error occurred. * @throws AuthenticationException if an authentication error occurred. */ public void authenticate(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException { if (!token.isSet()) { this.url = url; base64 = new Base64(0); conn = (HttpURLConnection) url.openConnection(); conn.setRequestMethod(AUTH_HTTP_METHOD); conn.connect(); if (isNegotiate()) { doSpnegoSequence(token); } else { getFallBackAuthenticator().authenticate(url, token); } } }
Example #5
Source File: KerberosWebHDFSConnection2.java From Transwarp-Sample-Code with MIT License | 6 votes |
public KerberosWebHDFSConnection2(String httpfsUrl, String principal, String password) { this.httpfsUrl = httpfsUrl; this.principal = principal; this.password = password; Configuration conf = new Configuration(); conf.addResource("conf/hdfs-site.xml"); conf.addResource("conf/core-site.xml"); newToken = new AuthenticatedURL.Token(); KerberosAuthenticator ka = new KerberosAuthenticator(); ConnectionConfigurator connectionConfigurator = new SSLFactory(SSLFactory.Mode.CLIENT,conf); ka.setConnectionConfigurator(connectionConfigurator); try{ URL url = new URL(httpfsUrl); ka.authenticate(url,newToken); }catch(Exception e){ e.printStackTrace(); } this.authenticatedURL = new AuthenticatedURL(ka,connectionConfigurator); // this.authenticatedURL = new AuthenticatedURL( // new KerberosAuthenticator2(principal, password)); }
Example #6
Source File: TimelineReaderFactory.java From tez with Apache License 2.0 | 6 votes |
@Override public HttpURLConnection getHttpURLConnection(URL url) throws IOException { try { AuthenticatedURL authenticatedURL= ReflectionUtils.createClazzInstance( DELEGATION_TOKEN_AUTHENTICATED_URL_CLAZZ_NAME, new Class[] { delegationTokenAuthenticatorClazz, ConnectionConfigurator.class }, new Object[] { authenticator, connConfigurator }); return ReflectionUtils.invokeMethod(authenticatedURL, delegationTokenAuthenticateURLOpenConnectionMethod, url, token, doAsUser); } catch (Exception e) { throw new IOException(e); } }
Example #7
Source File: URLConnectionFactory.java From hadoop with Apache License 2.0 | 6 votes |
/** * Opens a url with read and connect timeouts * * @param url * URL to open * @param isSpnego * whether the url should be authenticated via SPNEGO * @return URLConnection * @throws IOException * @throws AuthenticationException */ public URLConnection openConnection(URL url, boolean isSpnego) throws IOException, AuthenticationException { if (isSpnego) { if (LOG.isDebugEnabled()) { LOG.debug("open AuthenticatedURL connection" + url); } UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab(); final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token(); return new AuthenticatedURL(new KerberosUgiAuthenticator(), connConfigurator).openConnection(url, authToken); } else { if (LOG.isDebugEnabled()) { LOG.debug("open URL connection"); } URLConnection connection = url.openConnection(); if (connection instanceof HttpURLConnection) { connConfigurator.configure((HttpURLConnection) connection); } return connection; } }
Example #8
Source File: TestHttpFSWithKerberos.java From hadoop with Apache License 2.0 | 6 votes |
@Test @TestDir @TestJetty @TestHdfs public void testValidHttpFSAccess() throws Exception { createHttpFSServer(); KerberosTestUtils.doAsClient(new Callable<Void>() { @Override public Void call() throws Exception { URL url = new URL(TestJettyHelper.getJettyURL(), "/webhdfs/v1/?op=GETHOMEDIRECTORY"); AuthenticatedURL aUrl = new AuthenticatedURL(); AuthenticatedURL.Token aToken = new AuthenticatedURL.Token(); HttpURLConnection conn = aUrl.openConnection(url, aToken); Assert.assertEquals(conn.getResponseCode(), HttpURLConnection.HTTP_OK); return null; } }); }
Example #9
Source File: TestAuthenticationFilter.java From big-c with Apache License 2.0 | 5 votes |
private static void parseCookieMap(String cookieHeader, HashMap<String, String> cookieMap) { List<HttpCookie> cookies = HttpCookie.parse(cookieHeader); for (HttpCookie cookie : cookies) { if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) { cookieMap.put(cookie.getName(), cookie.getValue()); if (cookie.getPath() != null) { cookieMap.put("Path", cookie.getPath()); } if (cookie.getDomain() != null) { cookieMap.put("Domain", cookie.getDomain()); } } } }
Example #10
Source File: ThreadContextMR2.java From dr-elephant with Apache License 2.0 | 5 votes |
@Override public AuthenticatedURL.Token initialValue() { _LOCAL_LAST_UPDATED.set(System.currentTimeMillis()); // Random an interval for each executor to avoid update token at the same time _LOCAL_UPDATE_INTERVAL.set(Statistics.MINUTE_IN_MS * 30 + RANDOM_GENERATOR.nextLong() % (3 * Statistics.MINUTE_IN_MS)); logger.info("Executor " + _LOCAL_THREAD_ID.get() + " update interval " + _LOCAL_UPDATE_INTERVAL.get() * 1.0 / Statistics.MINUTE_IN_MS); return new AuthenticatedURL.Token(); }
Example #11
Source File: KerberosRealm.java From zeppelin with Apache License 2.0 | 5 votes |
private static AuthenticationToken getTokenFromCookies(Cookie[] cookies) throws AuthenticationException { AuthenticationToken token = null; String tokenStr = null; if (cookies != null) { for (Cookie cookie : cookies) { if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) { tokenStr = cookie.getValue(); if (tokenStr.isEmpty()) { throw new AuthenticationException("Empty token"); } try { tokenStr = signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } break; } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); boolean match = verifyTokenType(token); if (!match) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } return token; }
Example #12
Source File: Client.java From hbase with Apache License 2.0 | 5 votes |
/** * Helper method that injects an authentication token to send with the method. * @param method method to inject the authentication token into. * @param token authentication token to inject. */ private void injectToken(HttpUriRequest method, AuthenticatedURL.Token token) { String t = token.toString(); if (t != null) { if (!t.startsWith("\"")) { t = "\"" + t + "\""; } method.addHeader(COOKIE, AUTH_COOKIE_EQ + t); } }
Example #13
Source File: Client.java From hbase with Apache License 2.0 | 5 votes |
/** * Initiate client side Kerberos negotiation with the server. * @param method method to inject the authentication token into. * @param uri the String to parse as a URL. * @throws IOException if unknown protocol is found. */ private void negotiate(HttpUriRequest method, String uri) throws IOException { try { AuthenticatedURL.Token token = new AuthenticatedURL.Token(); KerberosAuthenticator authenticator = new KerberosAuthenticator(); authenticator.authenticate(new URL(uri), token); // Inject the obtained negotiated token in the method cookie injectToken(method, token); } catch (AuthenticationException e) { LOG.error("Failed to negotiate with the server.", e); throw new IOException(e); } }
Example #14
Source File: RangerKrbFilter.java From ranger with Apache License 2.0 | 5 votes |
/** * Creates the Hadoop authentication HTTP cookie. * * @param token authentication token for the cookie. * @param expires UNIX timestamp that indicates the expire date of the * cookie. It has no effect if its value < 0. * * XXX the following code duplicate some logic in Jetty / Servlet API, * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6 * right now. */ public static void createAuthCookie(HttpServletResponse resp, String token, String domain, String path, long expires, boolean isSecure) { StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE) .append("="); if (token != null && token.length() > 0) { sb.append("\"").append(token).append("\""); } if (path != null) { sb.append("; Path=").append(path); } if (domain != null) { sb.append("; Domain=").append(domain); } if (expires >= 0) { Date date = new Date(expires); SimpleDateFormat df = new SimpleDateFormat("EEE, " + "dd-MMM-yyyy HH:mm:ss zzz"); df.setTimeZone(TimeZone.getTimeZone("GMT")); sb.append("; Expires=").append(df.format(date)); } if (isSecure) { sb.append("; Secure"); } sb.append("; HttpOnly"); resp.addHeader("Set-Cookie", sb.toString()); }
Example #15
Source File: RangerKrbFilter.java From ranger with Apache License 2.0 | 5 votes |
/** * Returns the {@link AuthenticationToken} for the request. * <p> * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE} * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns * it. * <p> * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler} * to perform user authentication. * * @param request request object. * * @return the Authentication token if the request is authenticated, <code>null</code> otherwise. * * @throws IOException thrown if an IO error occurred. * @throws AuthenticationException thrown if the token is invalid or if it has expired. */ protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException { AuthenticationToken token = null; String tokenStr = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) { tokenStr = cookie.getValue(); try { tokenStr = signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } break; } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); if(token != null){ if (!token.getType().equals(authHandler.getType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } } return token; }
Example #16
Source File: SecurityCatalogResource.java From streamline with Apache License 2.0 | 5 votes |
@POST @Path("/users/current/logout") @Timed public Response logoutCurrentUser(@Context UriInfo uriInfo, @Context SecurityContext securityContext) throws Exception { User currentUser = getCurrentUser(securityContext); // Set-Cookie hadoop.auth=deleted;Version=1;Path=/;Max-Age=0;HttpOnly;Expires=Thu, 01 Jan 1970 00:00:00 GMT Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, "deleted", "/", null); NewCookie newCookie = new NewCookie(cookie, null, 0, new Date(0), securityContext.isSecure(), true); return Response.status(OK) .entity(currentUser) .cookie(newCookie) .build(); }
Example #17
Source File: KerberosRealm.java From zeppelin with Apache License 2.0 | 5 votes |
/** * Creates the Hadoop authentication HTTP cookie. * * @param resp the response object. * @param token authentication token for the cookie. * @param domain the cookie domain. * @param path the cookie path. * @param expires UNIX timestamp that indicates the expire date of the * cookie. It has no effect if its value < 0. * @param isSecure is the cookie secure? * @param isCookiePersistent whether the cookie is persistent or not. * <p> * XXX the following code duplicate some logic in Jetty / Servlet API, * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6 * right now. */ public static void createAuthCookie(HttpServletResponse resp, String token, String domain, String path, long expires, boolean isCookiePersistent, boolean isSecure) { StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE) .append("="); if (token != null && token.length() > 0) { sb.append("\"").append(token).append("\""); } if (path != null) { sb.append("; Path=").append(path); } if (domain != null) { sb.append("; Domain=").append(domain); } if (expires >= 0 && isCookiePersistent) { Date date = new Date(expires); SimpleDateFormat df = new SimpleDateFormat("EEE, " + "dd-MMM-yyyy HH:mm:ss zzz"); df.setTimeZone(TimeZone.getTimeZone("GMT")); sb.append("; Expires=").append(df.format(date)); } if (isSecure) { sb.append("; Secure"); } sb.append("; HttpOnly"); resp.addHeader("Set-Cookie", sb.toString()); }
Example #18
Source File: AtlasAuthenticationFilter.java From incubator-atlas with Apache License 2.0 | 5 votes |
private static String readUserFromCookie(HttpServletResponse response1) { String userName = null; boolean isCookieSet = response1.containsHeader("Set-Cookie"); if (isCookieSet) { Collection<String> authUserName = response1.getHeaders("Set-Cookie"); if (authUserName != null) { for (String cookie : authUserName) { if (!StringUtils.isEmpty(cookie)) { if (cookie.toLowerCase().startsWith(AuthenticatedURL.AUTH_COOKIE.toLowerCase()) && cookie.contains("u=")) { String[] split = cookie.split(";"); if (split != null) { for (String s : split) { if (!StringUtils.isEmpty(s) && s.toLowerCase().startsWith(AuthenticatedURL.AUTH_COOKIE.toLowerCase())) { int ustr = s.indexOf("u="); if (ustr != -1) { int andStr = s.indexOf("&", ustr); if (andStr != -1) { try { userName = s.substring(ustr + 2, andStr); break; } catch (Exception e) { userName = null; } } } } } } } } } } } return userName; }
Example #19
Source File: TestAuthenticationFilter.java From big-c with Apache License 2.0 | 5 votes |
@Test public void testGetToken() throws Exception { AuthenticationFilter filter = new AuthenticationFilter(); try { FilterConfig config = Mockito.mock(FilterConfig.class); Mockito.when(config.getInitParameter("management.operation.return")). thenReturn("true"); Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn( DummyAuthenticationHandler.class.getName()); Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret"); Mockito.when(config.getInitParameterNames()).thenReturn( new Vector<String>( Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements()); SignerSecretProvider secretProvider = getMockedServletContextWithStringSigner(config); filter.init(config); AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE); token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC); Signer signer = new Signer(secretProvider); String tokenSigned = signer.sign(token.toString()); Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned); HttpServletRequest request = Mockito.mock(HttpServletRequest.class); Mockito.when(request.getCookies()).thenReturn(new Cookie[]{cookie}); AuthenticationToken newToken = filter.getToken(request); Assert.assertEquals(token.toString(), newToken.toString()); } finally { filter.destroy(); } }
Example #20
Source File: AuthenticationFilter.java From big-c with Apache License 2.0 | 5 votes |
/** * Creates the Hadoop authentication HTTP cookie. * * @param token authentication token for the cookie. * @param expires UNIX timestamp that indicates the expire date of the * cookie. It has no effect if its value < 0. * * XXX the following code duplicate some logic in Jetty / Servlet API, * because of the fact that Hadoop is stuck at servlet 2.5 and jetty 6 * right now. */ public static void createAuthCookie(HttpServletResponse resp, String token, String domain, String path, long expires, boolean isSecure) { StringBuilder sb = new StringBuilder(AuthenticatedURL.AUTH_COOKIE) .append("="); if (token != null && token.length() > 0) { sb.append("\"").append(token).append("\""); } if (path != null) { sb.append("; Path=").append(path); } if (domain != null) { sb.append("; Domain=").append(domain); } if (expires >= 0) { Date date = new Date(expires); SimpleDateFormat df = new SimpleDateFormat("EEE, " + "dd-MMM-yyyy HH:mm:ss zzz"); df.setTimeZone(TimeZone.getTimeZone("GMT")); sb.append("; Expires=").append(df.format(date)); } if (isSecure) { sb.append("; Secure"); } sb.append("; HttpOnly"); resp.addHeader("Set-Cookie", sb.toString()); }
Example #21
Source File: AuthenticationFilter.java From big-c with Apache License 2.0 | 5 votes |
/** * Returns the {@link AuthenticationToken} for the request. * <p> * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE} * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns * it. * <p> * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler} * to perform user authentication. * * @param request request object. * * @return the Authentication token if the request is authenticated, <code>null</code> otherwise. * * @throws IOException thrown if an IO error occurred. * @throws AuthenticationException thrown if the token is invalid or if it has expired. */ protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException { AuthenticationToken token = null; String tokenStr = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (cookie.getName().equals(AuthenticatedURL.AUTH_COOKIE)) { tokenStr = cookie.getValue(); try { tokenStr = signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } break; } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); if (!token.getType().equals(authHandler.getType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } return token; }
Example #22
Source File: DelegationTokenAuthenticator.java From big-c with Apache License 2.0 | 5 votes |
/** * Cancels a delegation token from the server end-point. It does not require * being authenticated by the configured <code>Authenticator</code>. * * @param url the URL to cancel the delegation token from. Only HTTP/S URLs * are supported. * @param token the authentication token with the Delegation Token to cancel. * @param doAsUser the user to do as, which will be the token owner. * @throws IOException if an IO error occurred. */ public void cancelDelegationToken(URL url, AuthenticatedURL.Token token, Token<AbstractDelegationTokenIdentifier> dToken, String doAsUser) throws IOException { try { doDelegationTokenOperation(url, token, DelegationTokenOperation.CANCELDELEGATIONTOKEN, null, dToken, false, doAsUser); } catch (AuthenticationException ex) { throw new IOException("This should not happen: " + ex.getMessage(), ex); } }
Example #23
Source File: LogsearchKrbFilter.java From ambari-logsearch with Apache License 2.0 | 5 votes |
/** * Returns the {@link AuthenticationToken} for the request. * <p> * It looks at the received HTTP cookies and extracts the value of the {@link AuthenticatedURL#AUTH_COOKIE} * if present. It verifies the signature and if correct it creates the {@link AuthenticationToken} and returns * it. * <p> * If this method returns <code>null</code> the filter will invoke the configured {@link AuthenticationHandler} * to perform user authentication. * * @param request request object. * * @return the Authentication token if the request is authenticated, <code>null</code> otherwise. * * @throws IOException thrown if an IO error occurred. * @throws AuthenticationException thrown if the token is invalid or if it has expired. */ protected AuthenticationToken getToken(HttpServletRequest request) throws IOException, AuthenticationException { AuthenticationToken token = null; String tokenStr = null; Cookie[] cookies = request.getCookies(); if (cookies != null) { for (Cookie cookie : cookies) { if (AuthenticatedURL.AUTH_COOKIE.equals(cookie.getName())) { tokenStr = cookie.getValue(); try { tokenStr = signer.verifyAndExtract(tokenStr); } catch (SignerException ex) { throw new AuthenticationException(ex); } break; } } } if (tokenStr != null) { token = AuthenticationToken.parse(tokenStr); if(token != null){ if (!token.getType().equals(authHandler.getType())) { throw new AuthenticationException("Invalid AuthenticationToken type"); } if (token.isExpired()) { throw new AuthenticationException("AuthenticationToken expired"); } } } return token; }
Example #24
Source File: DelegationTokenAuthenticator.java From big-c with Apache License 2.0 | 5 votes |
private boolean hasDelegationToken(URL url, AuthenticatedURL.Token token) { boolean hasDt = false; if (token instanceof DelegationTokenAuthenticatedURL.Token) { hasDt = ((DelegationTokenAuthenticatedURL.Token) token). getDelegationToken() != null; } if (!hasDt) { String queryStr = url.getQuery(); hasDt = (queryStr != null) && queryStr.contains(DELEGATION_PARAM + "="); } return hasDt; }
Example #25
Source File: TestSentryWebServerWithKerberos.java From incubator-sentry with Apache License 2.0 | 5 votes |
@Test public void testPing() throws Exception { runTestAsSubject(new TestOperation(){ @Override public void runTestAsSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); HttpURLConnection conn = new AuthenticatedURL(new KerberosAuthenticator()). openConnection(url, new AuthenticatedURL.Token()); Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); String response = IOUtils.toString(conn.getInputStream()); Assert.assertEquals("pong\n", response); }} ); }
Example #26
Source File: WhoClient.java From big-c with Apache License 2.0 | 5 votes |
public static void main(String[] args) { try { if (args.length != 1) { System.err.println("Usage: <URL>"); System.exit(-1); } AuthenticatedURL.Token token = new AuthenticatedURL.Token(); URL url = new URL(args[0]); HttpURLConnection conn = new AuthenticatedURL().openConnection(url, token); System.out.println(); System.out.println("Token value: " + token); System.out.println("Status code: " + conn.getResponseCode() + " " + conn.getResponseMessage()); System.out.println(); if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) { BufferedReader reader = new BufferedReader( new InputStreamReader( conn.getInputStream(), Charset.forName("UTF-8"))); String line = reader.readLine(); while (line != null) { System.out.println(line); line = reader.readLine(); } reader.close(); } System.out.println(); } catch (Exception ex) { System.err.println("ERROR: " + ex.getMessage()); System.exit(-1); } }
Example #27
Source File: TestSentryWebServerWithKerberos.java From incubator-sentry with Apache License 2.0 | 5 votes |
@Test public void testPingWithoutSubject() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (Exception e) { boolean isExpectError = e.getMessage().contains("No valid credentials provided"); Assert.assertTrue("Here should fail by 'No valid credentials provided'," + " but the exception is:" + e, isExpectError); } }
Example #28
Source File: TestSentryWebServerWithKerberos.java From incubator-sentry with Apache License 2.0 | 5 votes |
@Test public void testPingWithUnauthorizedUser() throws Exception { // create an unauthorized User with Kerberos String userPrinciple = "user/" + SERVER_HOST; String userKerberosName = userPrinciple + "@" + REALM; Subject userSubject = new Subject(false, Sets.newHashSet( new KerberosPrincipal(userKerberosName)), new HashSet<Object>(),new HashSet<Object>()); File userKeytab = new File(kdcWorkDir, "user.keytab"); kdc.createPrincipal(userKeytab, userPrinciple); LoginContext userLoginContext = new LoginContext("", userSubject, null, KerberosConfiguration.createClientConfig(userKerberosName, userKeytab)); userLoginContext.login(); Subject.doAs(userLoginContext.getSubject(), new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { final URL url = new URL("http://"+ SERVER_HOST + ":" + webServerPort + "/ping"); try { new AuthenticatedURL(new KerberosAuthenticator()).openConnection(url, new AuthenticatedURL.Token()); fail("Here should fail."); } catch (AuthenticationException e) { String expectedError = "status code: 403"; if (!e.getMessage().contains(expectedError)) { LOG.error("UnexpectedError: " + e.getMessage(), e); fail("UnexpectedError: " + e.getMessage()); } } return null; } }); }
Example #29
Source File: DelegationTokenAuthenticator.java From big-c with Apache License 2.0 | 5 votes |
@Override public void authenticate(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException { if (!hasDelegationToken(url, token)) { authenticator.authenticate(url, token); } }
Example #30
Source File: TestAuthenticationFilter.java From big-c with Apache License 2.0 | 5 votes |
private static void verifyUnauthorized(AuthenticationFilter filter, HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException { final HashMap<String, String> cookieMap = new HashMap<String, String>(); Mockito.doAnswer(new Answer<Object>() { @Override public Object answer(InvocationOnMock invocation) throws Throwable { String cookieHeader = (String) invocation.getArguments()[1]; parseCookieMap(cookieHeader, cookieMap); return null; } }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString()); filter.doFilter(request, response, chain); Mockito.verify(response).sendError(Mockito.eq(HttpServletResponse .SC_UNAUTHORIZED), Mockito.anyString()); Mockito.verify(chain, Mockito.never()).doFilter(Mockito.any (ServletRequest.class), Mockito.any(ServletResponse.class)); Assert.assertTrue("cookie is missing", cookieMap.containsKey(AuthenticatedURL.AUTH_COOKIE)); Assert.assertEquals("", cookieMap.get(AuthenticatedURL.AUTH_COOKIE)); }